CUI

STIG Rule - V-215329

V-215329

SV-215329r991589_rule

CAT II

The AIX ldd command must be disabled.

From: IBM AIX 7.x Security Technical Implementation Guide (V3R2)

Description

The ldd command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some ldd implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running ldd.

Documentable: false

Check Procedure

Consult vendor documentation concerning the "ldd" command. If the command provides protection from the execution of untrusted executables, this is not a finding.

Determine the location of the system's "ldd" command:

# find / -name ldd

If no file exists, this is not a finding.

Check the permissions of the found "ldd" file:

# ls -lL <path to ldd>
---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd

If the file mode of the file is more permissive than "0000", this is a finding.

Fix Text

Disable the "ldd" command by removing its permissions using the command:

# chmod 0000 <path to ldd>
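The following is an added example, not part of the STIG text, that scripts the Check Procedure and reports the Fix Text remediation for each finding. It parses the output of "ls -lL" rather than a stat utility so it runs on AIX as well as Linux; the function names and the FINDING / NOT A FINDING wording are this example's own.

```shell
#!/bin/sh
# Added example (not from the STIG): audit every file named ldd the way
# V-215329 describes. A file is compliant only when its mode is exactly 0000.

# Print the 10-character mode field of "ls -lL" for one path, e.g. "----------".
# Only the first 10 characters are kept so ACL/attribute markers are ignored.
ldd_perm_field() {
    ls -lL "$1" 2>/dev/null | awk 'NR==1 {print substr($1, 1, 10)}'
}

# Exit 0 if all nine permission bits are cleared (mode 0000),
# 1 if any bit is set (a finding), 2 if the file cannot be listed.
# A set-uid/set-gid/sticky bit shows as S/T in the field and is also a finding.
ldd_mode_compliant() {
    perms=$(ldd_perm_field "$1")
    [ -n "$perms" ] || return 2
    bits=$(printf '%s' "$perms" | cut -c2-10)
    [ "$bits" = "---------" ]
}

# Walk a directory tree for regular files named ldd (the check uses "/") and
# report each one. Returns 0 when every ldd found is disabled, 1 otherwise.
# Assumption: paths contain no whitespace (word splitting in the for loop).
audit_ldd() {
    root=${1:-/}
    finding=0
    for f in $(find "$root" -name ldd -type f 2>/dev/null); do
        if ldd_mode_compliant "$f"; then
            echo "NOT A FINDING: $f is mode 0000"
        else
            echo "FINDING: $f is more permissive than 0000 (fix: chmod 0000 $f)"
            finding=1
        fi
    done
    return $finding
}
```

Run "audit_ldd /" as root for the full filesystem walk the check describes; a hit on a vendor ldd that documents protection against executing untrusted binaries is still judged under the first paragraph of the Check Procedure.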

CCI Reference

CCI-000366
Created
2026-04-07 20:08:18
Last Updated
2026-04-07 20:08:18